Solved: Home lab setup - Page 2

shannondhamilton · ‎11-02-2017

Working on setting up home lab, so this is not a production environment. :)

Running into a few issues; been reviewing forums, and feeling overwhelmed.

Equipment:

1x Cisco 3750 10/100 switch

1x 2951 Router

1x 5510 ASA firewall (not in scope yet)

1x VMWare Server (not in scope yet)

Overall objective: Setup home lab to utilize Cisco equipment for existing home fiber internet connection.

Task #1

ISP Modem -> 2951 router-> 3750 switch w/ internet access via switch from plans.

Obstacle1:

Unable to set outside interface of router to use static IP address of 10.40.0.1. At one time had interface set with static IP. Set interface to use DHCP thinking ill just make this work. When I try to change back to test, I get message: "IP address conflicts with gateway ip address in static routing table". So, I unplugged cable connecting ISP modem to Cisco 2951 router and get same message... What did I break?

Obstacle2:

Unable to ping 8.8.8.8 from Cisco router. Is it possible to do this without putting ISP modem in bridge mode?

Here is my router config:

Router#show run
Building configuration...

Current configuration : 1107 bytes
!
! Last configuration change at 06:27:19 UTC Fri Nov 3 2017
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
dot11 syslog
ip source-route
!
!
ip cef
!
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO2851 sn FTX1225A52J
archive
log config
hidekeys
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description WAN
ip address dhcp
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description LAN
ip address 10.40.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed 100
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.30.0.1
!
!
!
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
transport input all
!
scheduler allocate 20000 1000
end

Outside interface IP: 10.30.0.1

Inside Interface IP: 10.40.0.1

shannondhamilton · ‎11-09-2017

Got my mini rack earlier this week, so I tore everything down and then racked it up and reconnected. I set everything up as a router on a stick thinking that would be easier and it was. I was still having issues getting past the internet router provided by the ISP. I found a setting called "DMZ Plus mode".

Here is the description on DMZ Plus mode: Allow all applications (DMZplus mode) - Set the selected computer in DMZplus mode. All inbound traffic, except traffic which has been specifically assigned to another computer using the "Allow individual applications" feature, will automatically be directed to this computer. The DMZplus-enabled computer is less secure because all unassigned firewall ports are opened for that computer.

Note: Once DMZplus mode is selected and you click save, the system will issue a new IP address to the selected computer. The computer must be set to DHCP mode to receive the new IP address from the system, and you must reboot the computer. If you are changing DMZplus mode from one computer to another computer, you must reboot both computers.

Once I enabled this I was able to get out to the internet all is cherry! As this is a home lab, I get to do what I want, so I am going to stick to the router on a stick model for now, and start to focus some energy on configuring my ASA 5510. Thanks Everyone for your assistance!